Emphatically hatless: On Sat, Aug 15, 2020 at 12:47 AM Alessandro Vesely <ves...@tana.it> wrote:
> >> Lists have been around a lot longer than DMARC has. > > That doesn't grant lists any extra right. Others consider current > global usage as a priority gauge. > This line of thinking has bothered me for a long time. Imagine you're a large soft drink manufacturer. Your delicious, popular product is sold in grocery stores the world over, sometimes directly from your production line, sometimes via a local reseller. Your sales team does one or the other depending on the use case. Business has been good for a generation or two. One day you decide you don't like resellers anymore because some of them mis-promote your product, so you somehow arrange that the cans in the stores that passed through resellers suddenly and randomly begin invalidating themselves by bursting, making a mess of the store and soaking customers. Other products nearby are also ruined. This reflects poorly on the resellers, some of whom are forced to stop doing business with you. Stores get angry and are forced to reconsider doing business with you as well, but you're big and popular and so many of them have to deal with your mess on an ongoing basis. Many customers take their business elsewhere; the stores suffer. The argument here appears to be that is that this is justified, because the ecosystem of manufacturers, grocery stores, resellers, and customers that has existed for as long as you can remember has no right to operate that way if you suddenly decide you don't want it to; it's your brand, and your word about your brand is final irrespective of how you choose to enforce it. You're suddenly, for reasons you feel are legitimate, asserting that the ecosystem was broken to begin with despite the fact that you've been a willing participant for decades, and therefore you are at liberty to disrupt it (though, admittedly, you may have been unaware of the blast radius of doing so). Now, you may be right that the ecosystem was built on the incorrect premise that domain names don't need to be treated as sacrosanct. (Let's ignore for the moment the stuff about hindsight.) But that assertion clearly differs from the well-established foundation upon which a great deal rests today. It is far from trivial to change that now. It's possible to do, to be sure, but dropping it into the world overnight has a hugely disruptive impact. Such a change needs to be an evolution, with the cooperation and collaboration of a preponderance of the participants, not a philosophical light switch you get to throw and expect everyone else to conform. I don't want any more soda on me. Why people's mailboxes must be spoofable? > I don't know about "must", but changing the fundamental assumption that it's acceptable in some cases for X to pretend to be Y (which is what MLMs do), at X's discretion, is a tectonic change that should have been rolled out with more community collaboration and grace than it was. I think we need to be more considerate of that fact if there is to be progress. Syllogism goes like so: Mailing list must not accept strict DMARC > policies, humans may happen to use mailing lists, therefore email > domains which hosts mailboxes used by humans must not publish strict > DMARC policies. Is that really what we seek? I hope not. > It is our current reality, and in my humble opinion, we've nobody to blame but ourselves. -MSK, participating.
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
